This video shows you how you start with the project setup.

Select a management configuration for your project

On the second step of the project creation, you can decide between three ways to manage your project in Drop Guard:

  1. Your Drupal site is managed by Composer (mainly Drupal 8 websites, for example)
  2. Your Drupal Site is NOT managed by Composer (most Drupal 7 websites) and you want to install the Drop Guard module
  3. Your Drupal project is NOT managed by Composer but stores its files directly within a repository

1. Your Drupal site is managed by Composer

Drop Guard is capable of managing the Drupal modules of your website by using Composer. For your composer managed projects, please select “My site is managed by Composer package manager” on the Site config tab within your project setup process.

In Composer mode, Drop Guard only updates your composer.json and composer.lock files, the rest of codebase remains untouched. This also addresses a common privacy concern, as you don’t have to give Drop Guard read and write access to the whole repository.

There are two available options to choose from within the “Composer settings” box in the screenshot above:

A. Ignore version constraints

Drop Guard will use the “composer require” command and will try to update all modules up to the latest released version (an update might fail if it won’t resolve all composer dependencies). So it will overwrite your module version in your repository with the new version number and will do it every time the module gets a new version. If the update is applied successfully, the composer.json and composer.lock files will get updated.

  “require”: {
    “drupal/google_analytics”: “8.2.5"

B. Respect version constraints

If set, Drop Guard will never overwrite constraints set in the composer.json file. So, for example, if you have a constraint set like this:

  “require”: {
    “drupal/google_analytics”: “^8.2”

Drop Guard will only update the module until version 9.0 is released, as set by the constraint. When the 9.0 version comes out, Drop Guard update task will fail to perform an update, so that you will have to update the constraint manually. Within this setting, composer.lock files will be changed only.

We recommend evaluating the benefits and drawbacks of each method carefully for your individual case, as they have a huge impact on the workflow.

If you are using Drupal 8, the option "Core update mode" on "Site Configs" page will be available to you. There are two options available:

  • Provide all new updates. It provides all updates - not only minor.
  • Provide only minor updates. It will be selected by default for all existing and new projects. If you select this option Drop Guard will only create update tasks for minor updates (f.e. from 8.6.6 to 8.6.7) of Drupal Core. We highly recommend to use this mode.

2. Non-Composer managed Drupal sites & the Drop Guard module installation

If your project is NOT managed by Composer and if you DON’T store all your modules inside your git (explained in the third option), you will need to download and install the Drop Guard module manually to be able to set up a Drop Guard project successfully. This means that you have to connect your Drupal site to Drop Guard by installing the module on your Drupal website you want to manage with Drop Guard. The User ID and the generated Access Token from the config page in Drop Guard need to be copied and pasted into your website’s module settings page. The field for your Docroot folder needs to be filled with the folder location of your Drupal core. This approach is quite tricky, compared with the first or third option, but the Drop Guard module provides the exact information about the installed module version on your live site.

If you have no technical background and struggle here, reach out for your development or support team or contact us, we’re always there to help you.

3. No Composer, no live site module - and now?

The third option is to manage your project with Drop Guard just by providing the Docroot folder data directly. The requirement for this third option is that you store all your modules inside your git repository. But note that if you are using this option, Drop Guard can’t know if you deployed all modules of your git repo to your production environment.

Congrats! You’ve just created a Drop Guard project. Within the next step, you’ll learn how you can configure the project in detail to benefit from a smooth update pipeline.